Security

last person joined: yesterday 

Forum to discuss Enterprise security using HPE Aruba Networking NAC solutions (ClearPass), Introspect, VIA, 360 Security Exchange, Extensions, and Policy Enforcement Firewall (PEF).
Back to discussions
Expand all | Collapse all

CPPM endpoint IP address

This thread has been viewed 5 times

  • 1.  CPPM endpoint IP address

    Posted Mar 07, 2018 08:26 AM

    Hello,

    I have a problem with determining the current ip address of the host. I set the device info poll interval check to 10 min.

    When the host is authorized by 802.1x only after 10 minutes I have information about its IP address.

    I would like to receive updated information about its ip address right after authorization.

    Is it possible to perform "device info poll interval" for each endpoint separately? Maybe there is some other function that allows the effect.

     



  • 2.  RE: CPPM endpoint IP address

    EMPLOYEE
    Posted Mar 07, 2018 08:27 AM
    Is RADIUS accounting enabled on the NAD?


  • 3.  RE: CPPM endpoint IP address

    Posted Mar 07, 2018 08:36 AM

    Yes, on the switch, I set Clearpassa as a radius server. Authorization proceeds successfully and the host gets the ip address from the dhcp(router). 



  • 4.  RE: CPPM endpoint IP address

    EMPLOYEE
    Posted Mar 07, 2018 08:45 AM
    Please verify you're seeing RADIUS accounting data.


  • 5.  RE: CPPM endpoint IP address

    Posted Mar 07, 2018 08:54 AM

    In Monitoring » Live Monitoring » Access Tracker 

    I am browsing information about the authenticated user but I do not see the information about the ip address. When CPPM sends an SNMP to Switch to read the ARP table (this is Device Info Poll Interval), it obtains information about the real ip address.

    I do not know how clearpass sends such a query. I was looking for such an option in the API but I did not find anything.



  • 6.  RE: CPPM endpoint IP address

    EMPLOYEE
    Posted Mar 07, 2018 08:59 AM
    Look under accounting instead of access tracker.


  • 7.  RE: CPPM endpoint IP address

    Posted Mar 07, 2018 09:07 AM

    Only:

    NAS IP Address- IP address of the switch

    Calling Station ID: authenticated host MAC

    In Accounting Packet Details there is no information about the ip address of the host.

    cppm1.PNG 

     

    In Monitoring » Live Monitoring » Access Tracker

    section Endpoint Attributes

    cppm2.PNG

    when i change the ip address of the host and re-authenticates I see the old IP address. It's only after 10 minutes when the device info poll interval is done that I will see the new IP address.



  • 8.  RE: CPPM endpoint IP address

    EMPLOYEE
    Posted Mar 07, 2018 09:26 AM
    If it's a static IP and you're relying on scans, then yes there will be a delay. What exactly are you trying to do?


  • 9.  RE: CPPM endpoint IP address

    Posted Mar 07, 2018 09:32 AM

    I would like to receive the current ip address on the host immediately after the authentication.

    The host gets the ip address from dhcp, from the router not the switch.



  • 10.  RE: CPPM endpoint IP address

    Posted Mar 09, 2018 03:21 AM

    Is it possible to manually launch device info poll interval?

    I understand that this is a CPPM function that is implemented in the database?
    Maybe you can do this query?



  • 11.  RE: CPPM endpoint IP address

    Posted Mar 13, 2018 04:05 AM

    I've recently searched some snmp documentation. It turned out that the device info poll interval is just a snmp query using OID, thanks to this query I can read the arp table.

    How can I trigger this action using OID?